protected override Task <HttpResponseMessage> SendAsync
        (
            HttpRequestMessage request,
            CancellationToken cancellationToken
        )
        {
            IEnumerable <string> authorizationValue;
            var hasAutorization = request.Headers.TryGetValues("X-PATRONS-AUTH-TOKEN", out authorizationValue);

            if (hasAutorization)
            {
                var token = authorizationValue.First();

                /*-----------------------------------------------------------------------------------------
                *  INSPECT TOKEN TO SEE IF USER EXISTS AND TOKEN HAS NOT EXPIRED
                *  -----------------------------------------------------------------------------------------*/
                DateTime timeStampTokenCreated;
                DateTime timeStampTokenExpires;

                IWinstarDataModel winstarDataModel = AuthTokenHelper.UnPackAuthToken(token, out timeStampTokenCreated, out timeStampTokenExpires);

                //IF TOKEN EXPIRES TIMESTAMP IS LESS THAN NOW, ABORT
                if (timeStampTokenExpires < DateTime.Now)
                {
                    return(CreateUnauthorizedResponse("Authorization has expired.  Please login again."));
                }

                //GET USER
                IUserModel currentUser = SecurityHelper.GetWinstarPatron(winstarDataModel);

                //IF USER IS UNKNOWN, THEN ABORT
                if (currentUser == null)
                {
                    return(CreateUnauthorizedResponse("User is unknown."));
                }

                //CAPTURE DATA FOR USE IN CONTROLLERS (SEE SecureApiController)
                ObjectFactory.Configure(x => x.For <IWinstarDataModel>().Singleton().Use(winstarDataModel));
                ObjectFactory.Configure(x => x.For <IUserModel>().Singleton().Use(currentUser));

                //CONVERT CURRENT USER TO AN AUTHENTICATED USER
                Thread.CurrentPrincipal = currentUser.ToClaimsPrincipal();

                //SET HTTP CONTEXT CURRENT USER TO AUTHENTICATED USER
                if (HttpContext.Current != null)
                {
                    HttpContext.Current.User = Thread.CurrentPrincipal;
                }
            }

            return(base.SendAsync(request, cancellationToken)
                   .ContinueWith(task =>
            {
                return task.Result;
            }));
        }
        /// <summary>
        /// LOGIN AND AUTHENTICATE USER VIA A LOGIN FORM
        /// </summary>
        /// <param name="loginModel"></param>
        /// <returns></returns>
        public static IUserModel GetWinstarPatron(IWinstarDataModel dataModel)
        {
            var MOC       = new WinStarSoap.MobileOffersClient();
            var userName  = dataModel.UserName;
            var password  = dataModel.Password;
            var facility  = dataModel.Facility;
            var ipAddress = dataModel.IpAddress;

            try
            {
                WinStarSoap.patron patron = MOC.getPatron(userName, password, facility, ipAddress);

                IUserModel userModel = new UserModel();
                userModel.AcctType                = patron.acctType;
                userModel.DOB                     = patron.dob;
                userModel.FirstName               = patron.firstName;
                userModel.MiddleInit              = patron.midInit;
                userModel.LastName                = patron.lastName;
                userModel.PhoneNumber             = patron.phone;
                userModel.MobileNumber            = patron.mobile;
                userModel.EmailAddress            = patron.email;
                userModel.EmailFlag               = (patron.emailFlag == "Y");
                userModel.AddressLine1            = patron.addr1;
                userModel.AddressLine2            = patron.addr2;
                userModel.City                    = patron.city;
                userModel.State                   = patron.state;
                userModel.Zip                     = patron.zip;
                userModel.CashAvailable           = patron.cashAvailable;
                userModel.CurrentCardLevel        = patron.currentCardLevel;
                userModel.CurrentPoints           = patron.currentPoints;
                userModel.PointsAvailable         = patron.pointsAvailable;
                userModel.PointsToNextLevel       = patron.pointsToNextLevel;
                userModel.PointsToNextLevelByDate = patron.pointsToNextLevelByDate;
                userModel.NextCardLevel           = patron.nextCardLevel;
                userModel.SixMonthADT             = patron.sixMonthADT;
                userModel.Facility                = patron.facility;
                userModel.IsGolfMember            = (patron.golfMember == "Y");
                userModel.HostFlag                = patron.hostFlag;
                userModel.NewsFlag                = patron.newsFlag;
                userModel.HostName                = patron.hostName;
                userModel.Token                   = patron.token;
                userModel.ErrorNumber             = patron.error;

                return(userModel);
            }
            catch (Exception ex)
            {
                throw new Exception("Error happened retrieving patron", ex);
            }
        }
Example #3
0
        private static String Encrypt(IWinstarDataModel userModel)
        {
            var tokenExpiresHours = int.Parse(ConfigurationManager.AppSettings["Max_Token_Expires_Hours"]);
            var tokenCreated      = DateTime.Now.Ticks;
            var tokenExpiration   = DateTime.Now.AddHours(tokenExpiresHours).Ticks;

            /*
             * TOKEN IS COMPRISED OF THE FOLLOWING INFORMATION:
             * 0: USER NAME
             * 1: PASSWORD
             * 2: FACILITY
             * 3: IP ADDRESS
             * 4: TOKEN CREATED TIME STAMP
             * 5: TOKEN EXPIRATION TIMESTAMP
             */
            var encodedValue = EncodeTo64(String.Format("{0}:{1}:{2}:{3}:{4}:{5}", userModel.UserName, userModel.Password, userModel.Facility, userModel.IpAddress, tokenCreated, tokenExpiration));

            var rsa = new RSACryptoServiceProvider();

            rsa.FromXmlString(PublicKey);

            var dataToEncrypt      = Encoder.GetBytes(encodedValue);
            var encryptedByteArray = rsa.Encrypt(dataToEncrypt, false).ToArray();
            var length             = encryptedByteArray.Count();
            var item = 0;
            var sb   = new StringBuilder();

            foreach (var x in encryptedByteArray)
            {
                item++;
                sb.Append(x);

                if (item < length)
                {
                    sb.Append(",");
                }
            }

            return(sb.ToString());
        }
Example #4
0
 /// <summary>
 /// BASE CONTROLLER
 /// </summary>
 public SecureApiController()
 {
     CurrentUser      = ObjectFactory.GetInstance <IUserModel>();
     WinstarDataModel = ObjectFactory.GetInstance <IWinstarDataModel>();
 }
        /// <summary>
        /// CONVERTS USER MODEL TO AUTHENTICATED USER (EXTENDS IUserModel)
        /// </summary>
        /// <param name="currentUser"></param>
        /// <param name="winstarDataModel"></param>
        /// <returns></returns>
        public static IAuthenticatedUser ToAuthenticatedUser(this IUserModel currentUser, IWinstarDataModel winstarDataModel)
        {
            var token = AuthTokenHelper.GenerateAuthToken(winstarDataModel);

            var autehnticatedUser = new AuthenticatedUser
            {
                CurrentUser = currentUser,
                Token       = token
            };

            return(autehnticatedUser);
        }
Example #6
0
 public static String GenerateAuthToken(IWinstarDataModel userModel)
 {
     return(Encrypt(userModel));
 }